en:
  activerecord:
    errors:
      models:
        application:
          attributes:
            redirect_uri:
              fragment_present: 'cannot contain a fragment.'
              invalid_uri: 'must be a valid URI.'
              relative_uri: 'must be an absolute URI.'
  mongoid:
    errors:
      models:
        application:
          attributes:
            redirect_uri:
              fragment_present: 'cannot contain a fragment.'
              invalid_uri: 'must be a valid URI.'
              relative_uri: 'must be an absolute URI.'
  mongo_mapper:
    errors:
      models:
        application:
          attributes:
            redirect_uri:
              fragment_present: 'cannot contain a fragment.'
              invalid_uri: 'must be a valid URI.'
              relative_uri: 'must be an absolute URI.'
  doorkeeper:
    errors:
      messages:
        # Common error messages
        invalid_redirect_uri: 'The redirect URI included is not valid.'
        unauthorized_client: 'The client is not authorized to perform this request using this method.'
        access_denied: 'The resource owner or authorization server denied the request.'
        invalid_scope: 'The requested scope is invalid, unknown, or malformed.'
        server_error: 'The authorization server encountered an unexpected condition which prevented it from fulfilling the request.'
        unconfirmed_email: 'Verify the email address in your account profile before you sign in.'
        temporarily_unavailable: 'The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.'

        #configuration error messages
        credential_flow_not_configured: 'Resource Owner Password Credentials flow failed due to Doorkeeper.configure.resource_owner_from_credentials being unconfigured.'
        resource_owner_authenticator_not_configured: 'Resource Owner find failed due to Doorkeeper.configure.resource_owner_authenticator being unconfiged.'

        # Access grant errors
        unsupported_response_type: 'The authorization server does not support this response type.'

        # Access token errors
        invalid_client: 'Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.'
        invalid_grant: 'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.'
        unsupported_grant_type: 'The authorization grant type is not supported by the authorization server.'

        # Password Access token errors
        invalid_resource_owner: 'The provided resource owner credentials are not valid, or resource owner cannot be found'

        invalid_request:
          unknown: 'The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.'
          missing_param: 'Missing required parameter: %{value}.'
          not_support_pkce: 'Invalid code_verifier parameter. Server does not support pkce.'
          request_not_authorized: 'Request need to be authorized. Required parameter for authorizing request is missing or invalid.'

        invalid_token:
          revoked: "The access token was revoked"
          expired: "The access token expired"
          unknown: "The access token is invalid"
    scopes:
      api: Access the authenticated user's API
      read_user: Read the authenticated user's personal information
      read_repository: Allows read-only access to the repository
      write_repository: Allows read-write access to the repository
      read_registry: Grants permission to read container registry images
      read_observability: Allows read-only access to GitLab Observability
      write_observability: Allows read-write access to GitLab Observability
      openid: Authenticate using OpenID Connect
      sudo: Perform API actions as any user in the system
      profile: Allows read-only access to the user's personal information using OpenID Connect
      email: Allows read-only access to the user's primary email address using OpenID Connect
      admin_mode: Admin Mode is a functionality designed to limit the access level of administrator's personal access tokens.
      create_runner: Grants create access to the runners
    scope_desc:
      api:
        Grants complete read/write access to the API, including all groups and projects, the container registry, and the package registry.
      read_api:
        Grants read access to the API, including all groups and projects, the container registry, and the package registry.
      read_user:
        Grants read-only access to the authenticated user's profile through the /user API endpoint, which includes username, public email, and full name. Also grants access to read-only API endpoints under /users.
      read_repository:
        Grants read-only access to repositories on private projects using Git-over-HTTP or the Repository Files API.
      write_repository:
        Grants read-write access to repositories on private projects using Git-over-HTTP (not using the API).
      read_registry:
        Grants read-only access to container registry images on private projects.
      write_registry:
        Grants write access to container registry images on private projects.
      read_observability:
        Grants read-only access to GitLab Observability.
      write_observability:
        Grants write access to GitLab Observability.
      openid:
        Grants permission to authenticate with GitLab using OpenID Connect. Also gives read-only access to the user's profile and group memberships.
      sudo:
        Grants permission to perform API actions as any user in the system, when authenticated as an admin user.
      profile:
        Grants read-only access to the user's profile data using OpenID Connect.
      email:
        Grants read-only access to the user's primary email address using OpenID Connect.
      admin_mode:
        Grants permission to perform API actions as an administrator, when Admin Mode is enabled.
      create_runner:
        Grants create access to the runners.
    project_access_token_scope_desc:
      api:
        Grants complete read and write access to the scoped project API, including the Package Registry.
      read_api:
        Grants read access to the scoped project API, including the Package Registry.
      read_repository:
        Grants read access (pull) to the repository.
      write_repository:
        Grants read and write access (pull and push) to the repository.
      read_registry:
        Grants read access (pull) to the Container Registry images if a project is private and authorization is required.
      write_registry:
        Grants write access (push) to the Container Registry.
      create_runner:
        Grants create access to the runners.
    flash:
      applications:
        create:
          notice: 'The application was created successfully.'
        destroy:
          notice: 'The application was deleted successfully.'
        update:
          notice: 'The application was updated successfully.'
      authorized_applications:
        destroy:
          notice: 'The application was revoked access.'
